---
schema_version: "secwatch.filing_event.v1"
accession: "0001388658-26-000055"
form_type: "8-K"
ticker: "IRTC"
cik: "0001388658"
company_name: "iRhythm Holdings, Inc."
filed_at: "2026-06-15T20:30:17+00:00"
generated_at: "2026-06-15T20:31:20.160711+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.75
calibrated_materiality_score: 0.75
confidence: "high"
source: SEC EDGAR
---

# iRhythm discloses cyber incident with data exfiltration; threat actor demanded payment

## Summary
- Unauthorized activity identified June 8; threat actor demanded payment for not disclosing exfiltrated data including PHI and proprietary info.
- Company determined incident material on June 10 due to volume of potentially affected data.
- No impact to clinical/medical devices, financial reporting, or patient safety; no card info stored.
- Investigation ongoing; no evidence of ongoing access; company believes not likely material to financial condition.
- Company has cyber insurance but no assurance coverage sufficient.

## SEC filing metadata
- accession: 0001388658-26-000055
- form_type: 8-K
- ticker: IRTC
- cik: 0001388658
- company_name: iRhythm Holdings, Inc.
- filed_at: 2026-06-15T20:30:17+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.75
- calibrated_materiality_score: 0.75
- confidence: high
- sec_items: 1.05
- EDGAR index: https://www.sec.gov/Archives/edgar/data/1388658/000138865826000055/0001388658-26-000055-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1388658/000138865826000055/irtc-20260610.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001388658-26-000055
- JSON: https://secwatch.observer/filing/0001388658-26-000055.json
- Plain text: https://secwatch.observer/filing/0001388658-26-000055.txt

## Key facts
- Cybersecurity Incidents
  iRhythm Holdings, Inc. disclosed a cybersecurity incident: Unauthorized activity involving data maintained on certain third-party-hosted business applications, obtained through social engineering, resulting in exfiltration of proprietary data, patient protected health information and other personal information. Impact: The Company has not identified any impact to its products, clinical or medical device systems, patient safety, manufacturing and distribution operations, financial reporting systems, or the ability to meet patient needs. The Company believes the incident is not reasonably likely to have a material i. Company determined it material. Discovered 2026-06-08.
  - Nature: Unauthorized activity involving data maintained on certain third-party-hosted business applications, obtained through social engineering, resulting in exfiltration of proprietary data, patient protected health information and other personal information.
  - Impact: The Company has not identified any impact to its products, clinical or medical device systems, patient safety, manufacturing and distribution operations, financial reporting systems, or the ability to meet patient needs. The Company believes the incident is not reasonably likely to have a material i
  - Materiality: determined material
  - Discovery: 2026-06-08
  source text: On June 10, 2026, the Company determined that the incident is material in light of the volume of the potentially affected data.
  evidence_url: https://www.sec.gov/Archives/edgar/data/1388658/000138865826000055/0001388658-26-000055-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.